Severe Consequences Face Big Data Analytics Without Governance, Experts Say

Lower-cost computing power combined with Hadoop-based analytical systems that can crunch large dispersed data sets could lead to improved health. But, the technology comes with potential issues that must be addressed from a regulatory and policy perspective, according to two experts studying the issue.

Two experts are urging security professionals and policy experts to take care and due diligence in developing data governance standards for big data analytics projects. David Shieldlower, chief information security officer for Health Quest, a large healthcare system provider based in LaGrangeville, N.Y., and Corinne Carey, a healthcare policy researcher and assistant legislative director at the New York Civil Liberties Union, each said big data projects hold so much promise but warn that they could potentially be fraught with misuse.

"There are consequences in not having secure systems and addressing privacy issues," Carey said. "It erodes the public trust in the government, people might be less honest with their health information, and it could modify behaviors in undesirable ways."

[Related: The 10 Coolest Big Data Startups Of 2013 (So Far) ]

Sponsored post

Speaking at the MIS Training Institute's Conference on Big Data Security in Boston on Wednesday, the two experts explained that many uncertainties lie ahead with data privacy and big data analytics. Scientists and government health organizations see immediate benefits of combing through the data. Projects that aim to aggregate data from healthcare databases with information from other sources could allow the government to put its resources in the right places, eliminating fraud and waste and helping to identify health issues before they become a crisis.

Many big data projects are long underway, driven mainly by advertisers, large retailers and e-commerce businesses eager to make money by correlating a shopper's online social activity and interests with buying habits. Experts say big data analytics will soon extend to healthcare data. It will go beyond human genome research. Databases containing information for electronic information exchanges are growing larger every day. When combined with non-healthcare related activities, careful analysis may be able to identify links and patterns that were never seen before.

"The data has tremendous value and it's not just commercial," Shieldlower said. "I've been to meetings on state health information exchanges, and you could see people with the Public Health Department wanting the information so badly; if they aggregate it, they can look for disease patterns, and from their perspective, they're fighting the good fight."

NEXT: Regulations Don't Address The issue Yet

The Health Insurance Portability and Accountability Act (HIPAA) addresses data breach notification and proper security measures to protect personally identifiable information. But, it says little about how the data may be used, Health Quest's Shieldlower said. Until the regulations catch up Shieldlower urges organizations to govern data according to current policies in place, using standard security best practices.

"Electronic health record data governance will evolve differently than credit bureau data because there are fundamental differences in the business model that finances it," Shieldlower said.

Data governance standards for electronic health records are moving slower than standards for the credit card industry because there is immediate value in addressing the issue seen by lenders. The credit industry has only two main stakeholders in the form of lenders and borrowers. Healthcare data has a myriad of stakeholders including patients, researchers, insurers and healthcare providers.

Gaining consent from people to use the data in big data projects is becoming a thorny issue. Eight states are working on developing uniform standards for exchanging electronic healthcare information. In New York, people are not required to consent to having their data uploaded to a centralized patient information exchange program. A healthcare provider is required to get consent only to access the data, Carey, of New York Civil Liberties Union, said. As a result, many mental health providers, drug treatment clinics and other sensitive organizations are not participating in the system, she said.

Public health officials want access. Carey likens the problem to a large mail room at an apartment complex. Each mailbox represents a discrete piece of data: Does the public health department use the mail carrier's key rather than opening each individual mail box?

"Legislatures move very slow and our capability to aggregate collect and analyze all the information being collected it is moving so fast," Carey said. "Legislatures must accommodate the benefits while addressing the potential consequences."